Skip to content

Commit

Permalink
Update error message when connect with an out-of-date client (vesoft-…
Browse files Browse the repository at this point in the history
…inc#4021)

* Update error message

* Do clientAddr check before FLAGS_enable_authorize check

* Fix typo
  • Loading branch information
Aiee authored Mar 14, 2022
1 parent ca378d3 commit 36c15b2
Showing 1 changed file with 20 additions and 17 deletions.
37 changes: 20 additions & 17 deletions src/graph/service/GraphService.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -210,36 +210,39 @@ folly::Future<std::string> GraphService::future_executeJsonWithParameter(
Status GraphService::auth(const std::string& username,
const std::string& password,
const HostAddr& clientIp) {
auto metaClient = queryEngine_->metaClient();

// TODO(Aiee) This is a walkaround to address the problem that using a lower version(< v2.6.0)
// client to connect with higher version(>= v3.0.0) Nebula service will cause a crash.
//
// Only the clients since v2.6.0 will call verifyVersion(), thus we could determine whether the
// client version is lower than v2.6.0
auto clientAddrIt = metaClient->getClientAddrMap().find(clientIp);
if (clientAddrIt == metaClient->getClientAddrMap().end()) {
return Status::Error(
folly::sformat("The version of the client sending request from {} is lower than v2.6.0, "
"please update the client.",
clientIp.toString()));
}

// Skip authentication if FLAGS_enable_authorize is false
if (!FLAGS_enable_authorize) {
return Status::OK();
}

// Authenticate via diffrent auth types
if (FLAGS_auth_type == "password") {
auto metaClient = queryEngine_->metaClient();
// TODO(Aiee) This is a walkaround to address the problem that using a lower version(< v2.6.0)
// client to connect with higher version(>= v3.0.0) Nebula service will cause a crash.
//
// Only the clients since v2.6.0 will call verifyVersion(), thus we could determine whether the
// client version is lower than v2.6.0
auto clientAddrIt = metaClient->getClientAddrMap().find(clientIp);
if (clientAddrIt == metaClient->getClientAddrMap().end()) {
return Status::Error(
folly::sformat("The version of the client sending request from {} is lower than v2.6.0, "
"please update the client.",
clientIp.toString()));
}

// Auth with PasswordAuthenticator
auto authenticator = std::make_unique<PasswordAuthenticator>(queryEngine_->metaClient());
auto authenticator = std::make_unique<PasswordAuthenticator>(metaClient);
return authenticator->auth(username, proxygen::md5Encode(folly::StringPiece(password)));
} else if (FLAGS_auth_type == "cloud") {
// Cloud user and native user will be mixed.
// Since cloud user and native user has the same transport protocol,
// There is no way to identify which one is in the graph layer,
// let's check the native user's password first, then cloud user.
auto pwdAuth = std::make_unique<PasswordAuthenticator>(queryEngine_->metaClient());
auto pwdAuth = std::make_unique<PasswordAuthenticator>(metaClient);
return pwdAuth->auth(username, proxygen::md5Encode(folly::StringPiece(password)));
auto cloudAuth = std::make_unique<CloudAuthenticator>(queryEngine_->metaClient());
auto cloudAuth = std::make_unique<CloudAuthenticator>(metaClient);
return cloudAuth->auth(username, password);
}
LOG(WARNING) << "Unknown auth type: " << FLAGS_auth_type;
Expand Down

0 comments on commit 36c15b2

Please sign in to comment.